Filterwatch has partnered with Taraaz, a non-profit organization at the intersection of technology and human rights, to produce a report entitled “Human Rights and Digitization of Public Spaces in Iran.” It appears at a key moment for digital rights in Iran, as protesters take to the streets and the Islamic Republic responds with brutal online and offline crackdowns including internet shutdowns.
In recent years, multiple cities around the world have proposed digitizing public services and spaces. These are often termed “smart city” projects. Examples include smart traffic control systems, smart street lighting, online taxis and bike sharing apps, public wifi, and transportation apps. These projects, which heavily rely on partnerships between municipalities and private technology companies, are often framed as innovations which provide greater efficiency. However, digitization of public spaces can also lead to increased government surveillance, crackdowns on protests, exclusion of marginalized communities from access to public spaces, and more.
Iranian cities — the focus of our report — are no exception. Many cities in Iran have proposed smart city projects in recent years, usually in the context of larger economic development plans. However, in Iran, where excessive state-forced localization of the Internet – under the name of National Information Network or NIN– has sparked outcry among digital rights advocates, such projects threaten to increase surveillance, restrict personal freedom, and violate privacy and other human rights.
The report begins with a series of case studies of real-world situations drawn from digitized public spaces. Here we list a summary of some of these cases:
- Gender-based discrimination: Digital platforms are becoming mediums for enforcing gender segregation policies. Examples include the Iranian bike sharing apps, which did not allow users to register as female and restrict women to ride in “female-only” parks, as well as reports of social media users receiving SMS messages from law enforcement about not wearing head coverings (hijab) in their cars and NAJA’s “Monitoring Plan” for enforcing mandatory hijab. These messages were linked to traffic camera monitoring.
- Surveillance and exclusion of marginalized communities: Last year, to control the spread of Covid-19, authorities in Tehran mandated the use of national ID numbers to purchase subway cards from digital kiosks. Similarly, mobile apps were introduced to buy public transportation tickets. As a result, Afghan refugees were excluded from this public service due to their lack of formal documentation. Furthermore, “smart ID cards” are now being implemented that rely on biometrics such as fingerprints and photos. Centralized ID system have been used for various applications including providing documentation for refugees and migrants (“Amayesh Card”), providing proof of military service, distributing the interests from government stock (Edalat) via a machine learning- enabled identity verification system called Sajam, controlling import and export in borders cities, and more. In some cases centralized digital ID systems (that rely on biometric data) exclude marginalized groups and thus deprive them of their socio-economic rights, such as access to public spaces, financial services, and public education. On the other hand, digital inclusion can also invite greater government surveillance, opening the door to other kinds of human rights violations. For instance, in a registration form for digital national IDs, Iranians were asked to select their religion from a provided category of religions. The Bahá’i faith — or an option such as “other” — was not listed in a category. As a result, Iranians belonging to the Bahá’i faith had to either lie or decide not to receive a new electronic national ID card.
- Public-private partnerships, data sharing practices: Municipalities use the 137 app to allow residents to submit reports of incidents ranging from missed garbage collections and neglected asphalt paving to violations of child labor laws. In these reports, users can include photos and exact locations of incidents. This app provides an Application Programming Interface (API) that grants data access to government agencies and private companies. API streamlines data sharing practices, which produces concerns regarding surveillance, invasion of privacy, false reporting, and retaliation. Reports may result in crackdowns that only remove an already marginalized population from the public eye. Such practices typically fail to improve the social situation and lives of marginalized groups.
- Non Iranian companies and smart city development: The South African multinational company MTN Group, in its sustainability reports, mentions the company’s ongoing smart city projects such as smart parking solutions, smart street lighting, and NFC-enabled payments for services in cities such as Tehran, Mashhad, and Bandar Anzali. The projects are implemented by MTN-Irancell, a joint partnership between MTN group and Kowsar Sign Pniz (KSP), a state-linked Iranian group. Collaboration between the city of Bushehr and the Austrian Institute of Technology (AIT) is another example. In addition, in December 2021, IPVM, a surveillance research group, reported on a contract between Tiandy, a Chinese video surveillance company, and the Iranian Revolutionary Guard Corps (IRGC), police, and the military.
What larger concerns do these case studies raise?
One of the primary concerns is surveillance. There is little transparency regarding the limits of data collection and sharing practices. Iran lacks comprehensive data protection laws, and government agencies have significant power over the private sector. There are no practical laws or accountability mechanisms to prevent authorities from asserting excessive control over the private sector. Ride-sharing apps, e-maps, online delivery services, and smart billboards are just a few examples of services run by private companies that have potential for abuse via government surveillance.
Interoperability of data management platforms, which has been repeatedly mentioned by authorities as a must-have for implementing smart city projects, is another major concern. Interoperability of data management systems within and between municipalities, law enforcement, and private companies allows data to be shared seamlessly with minimal regulation and oversight. “Privacy by design” principles such as de-identification and minimization of user information collection have not yet made their way into smart city planning in Iran.
Because most smart city projects rely on collecting location data and camera images, government agencies can easily locate protests and identify protesters. Data scraping and using social media APIs is another method for surveilling protesters. During the past couple of years, authorities have exerted control over communication technologies and imposed internet shutdowns in order to stifle organizing (for example, the government has sent threatening SMS to protesters).
Looking to the Future
To alleviate concerns regarding the degradation of civil liberties, attention must be paid to details of public-private partnerships in the development of smart city infrastructure. Private companies should take “privacy by design” measures to shield themselves from excessive government demands for access to users’ information. Our 2020 report provides a workbook entitled “Digital Rights Workbook: Start the Conversation in Your Company” for assessment of policies and practices.
Digital rights advocates should connect issues around state-forced localization of the Internet, e-government services, and smart city projects in Iran. “Smart city” projects, e-government initiatives, and the National Information Network take place within the same political and social context, and are often being developed by the same actors. They should not be studied separately.
There is also a need for interdisciplinary research and collective action about these socio-technical issues. We anticipate that the above-mentioned concerns regarding “smart city” projects (surveillance, violating freedoms, exclusion from public services, privatization, etc.) will become more prevalent in coming years. Therefore, researching, exposing, and advocating against these projects requires collective action, particularly by digital rights and surveillance studies researchers, human rights NGOs, journalists, independent technologists / technology companies. Journalists and civil society actors should utilize mechanisms for “freedom of information” requests in order to investigate a potential lack of data governance.